Stop using telnet and start using netcat

By | 2013/12/19

Running telnet to port 80 is fun and all, but instead gain some hacker cred and start using netcat! Check this out.

netcat opens a raw TCP connection to a service port. It is very useful for getting information about a host without an intensive scan like nmap, and you can also type requests straight to the service with it.

Ex 1: Connect to a webserver and send a GET request with headers
$ nc -v someserver.com 80

Then type your GET request for / along with, at a minimum, a Host header, and finish with a blank line to end the headers.

GET / HTTP/1.1 [ENTER]
Host: example.com [ENTER]
$ nc -v duckduckgo.com 80
DNS fwd/rev mismatch: duckduckgo.com != ec2-184-72-106-52.compute-1.amazonaws.com
DNS fwd/rev mismatch: duckduckgo.com != ec2-107-21-1-61.compute-1.amazonaws.com
DNS fwd/rev mismatch: duckduckgo.com != ec2-184-72-106-253.compute-1.amazonaws.com
DNS fwd/rev mismatch: duckduckgo.com != ec2-184-72-115-86.compute-1.amazonaws.com
duckduckgo.com [184.72.106.52] 80 (http) open
GET / HTTP/1.1
Host: example.com
User-Agent: My Cool Browser 1.0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 20 Dec 2013 01:34:26 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://duckduckgo.com/
Expires: Fri, 20 Dec 2013 01:34:27 GMT
Cache-Control: max-age=1
Strict-Transport-Security: max-age=0
X-DuckDuckGo-Locale: en_US

301 Moved Permanently
^C

Ex 2: Need to grab an SSH banner?
$ nc -v example.com 22

Hey look, wikipedia runs Ubuntu 12.04. They should set DebianBanner no in their sshd_config.

$ nc -v wikipedia.org 22
DNS fwd/rev mismatch: wikipedia.org != wikipedia-lb.eqiad.wikimedia.org
wikipedia.org [208.80.154.225] 22 (ssh) open
SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1
^C

Ex 3: mysql banner

Surely you don’t have mysql exposed publicly, do you? Well, let’s use netcat to grab the mysql banner.

Cool, mysql 5.1.66. CentOS 6? 🙂

$ nc -v 50.57.231.234 3306
Warning: forward host lookup failed for 50-57-231-234.static.cloud-ips.com: Unknown host
50-57-231-234.static.cloud-ips.com [50.57.231.234] 3306 (mysql) open
4
5.1.66�vr#Uaga4z�.sz.oh<1!NFT^C

Ex 4: Talk to a mail server
$ nc -v mx1.ord1.rackspace.com 25
Connection to mx1.ord1.rackspace.com 25 port [tcp/smtp] succeeded!
220 mx1.ord1.rackspace.com ESMTP
ehlo example.com
250-mx1.ord1.rackspace.com
250-8BITMIME
250-SIZE 26214400
250 STARTTLS
^C
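For Ex 1 and Ex 2 above, here is an added example (my own helper script, not code from the original post) that turns the interactive sessions into scripted checks: it builds the GET request with the CRLF line endings and trailing blank line HTTP expects, adds Connection: close so the server hangs up and nc exits without ^C, and parses the status line, a chosen header and the SSH identification string. It assumes an nc that accepts -w SECONDS as a timeout; the parsing functions read stdin so they work on captured text like the responses shown above.

```shell
#!/bin/sh
# Added helper functions for scripted netcat checks (not from the original post).
# Assumes an nc that accepts -w SECONDS as a connect/idle timeout; hosts and ports
# are passed in by the caller.

# HTTP wants CRLF line endings and a blank line after the headers. Connection: close
# makes the server hang up after the response, so nc exits on its own instead of
# sitting in keep-alive until you press ^C.
http_request() {  # http_request HOST PATH
    printf 'GET %s HTTP/1.1\r\nHost: %s\r\nUser-Agent: nc-check/1.0\r\nConnection: close\r\n\r\n' "$2" "$1"
}

# Status code from a raw HTTP response on stdin (empty if line 1 is not a status line).
http_status() {
    head -n 1 | tr -d '\r' | awk '$1 ~ /^HTTP\// { print $2 }'
}

# Value of one header (case-insensitive name) from a raw HTTP response on stdin.
# Stops at the blank line so a body containing "Location:" is never read as a header.
http_header() {  # http_header NAME
    tr -d '\r' | awk -v name="$1" '
        /^$/ { exit }
        NR > 1 && tolower($0) ~ ("^" tolower(name) ":") { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# First line a service sends on connect: SSH, SMTP and MySQL all speak first.
first_line() { head -n 1 | tr -d '\r'; }

# Comments field of an SSH identification string "SSH-proto-software [comments]":
# that trailing field is the distro tag (e.g. Debian-5ubuntu1.1) that DebianBanner no removes.
ssh_comment() { first_line | awk '/^SSH-/ { $1 = ""; sub(/^ /, ""); print }'; }

# Network wrappers. </dev/null keeps nc from sending anything of its own while it
# waits for the banner; -w 5 gives up after 5 seconds of silence.
grab_banner() { nc -w 5 "$1" "$2" </dev/null 2>/dev/null | first_line; }                  # grab_banner HOST PORT
check_http()  { http_request "$1" "$3" | nc -w 5 "$1" "$2" 2>/dev/null | http_status; }  # check_http HOST PORT PATH
```

With the hosts from the sessions above, `check_http duckduckgo.com 80 /` prints just the status code and `grab_banner wikipedia.org 22` prints the SSH identification line, both returning to the prompt without ^C.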

Hack on,

3 thoughts on “Stop using telnet and start using netcat”

  1. RoseHosting

    Quick way to test if a port is open


    $ nc -vz wikipedia.com 80
    Connection to wikipedia.com 80 port [tcp/http] succeeded!
    $

  2. Gwyneth Llewelyn

    Cool, I noticed that two of my Ubuntu servers didn’t have ‘DebianBanner no’ set! Nice one 🙂

  3. Colin Ng

    Thanks for your article! Helped me when macOS High Sierra stopped shipping with telnet!
